What i've been working on is setting the AD primary group for a user
based on GroupMembership change in eDir. Saw a good Cool Solution that
gets me almost there. In fact if I hard code the dest dn in LDAP form
work great.

No issues detecting the group in question is changing. No problems
reading AD to get the primaryGroupToken. What I'm having issues with is
reading the member from the Group Modify event and turning into a DN
that I can use to use in a set destination attribute value action.

How can I take the operational attribute(member) and convert that to the
destination LDAP format? The user object already resides in AD. (Am I
tackling this wrong?)

<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.2.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<modify cached-time="20151202202934.466Z" class-name="Group"
event-id="cs99la57#20151202202934#1#2:24a049f4-e341-48fa-21af-f449a02441e3"
qualif
ied-src-dn="O=la\OU=vault\OU=roles\CN=AD_CC_users"
src-dn="\DEV_VAULT\la\vault\roles\AD_CC_users" src-entry-id="43804"
timestamp="144
9088174#3">
<association
state="associated">dc4e3cb3dfbf634699ae28b4aded362 e</association>
<modify-attr attr-name="Member">
<add-value>
<value timestamp="1449088174#3"
type="dn">\DEV_VAULT\la\vault\users\active\idmtest </value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>



thanks
Chad


--
ncisrael
------------------------------------------------------------------------
ncisrael's Profile: https://forums.netiq.com/member.php?userid=769
View this thread: https://forums.netiq.com/showthread.php?t=54782